An extremely nasty vulnerability has been discovered in Markup, the standard application on Google Pixel smartphones for quick image editing (mainly for captions on screenshots). It turned out that when editing images in PNG format, the application did not overwrite the entire old file, so the original image can be partially restored from the leftover data. Much of what users tried to hide in screenshots through cropping or retouching is now recoverable.
The vulnerability was named aCropalypse. Simon Aarons was the first to report it under this name, on his Twitter feed @ItsSimonTime. He was apparently also the first to notice it, as follows from correspondence published on the blog of another vulnerability specialist, David Buchanan. Google also reported this vulnerability in its March 13 bulletin this year, where it was assigned the identifier CVE-2023-21036. Google did not give details, but noted the high severity.
Introducing Acropalypse: a serious privacy vulnerability in Google Pixel’s built-in screenshot editing tool, Markup, which allows partial restoration of the original, unedited image data of a cropped and/or redacted screenshot. Many thanks to @David3141593 for his constant help! pic.twitter.com/BXNQomnHbr
— Simon Aarons (@ItsSimonTime) March 17, 2023
In fact, all publicly available screenshots taken on many generations of Google smartphones in recent years may contain hidden sensitive data that can now be revealed. Most often these are bank details, postal addresses, or similar, as screenshots often serve as quick confirmation of receipt or shipment of goods or provision of services. Contrary to what users hoped, quick editing of a screenshot did not remove the sensitive information from the edited file.
A website has been created to check previously created screenshots for the vulnerability: acropalypse.app, where you can upload the corresponding PNG file after selecting the Google Pixel model.
According to experts, the problem appeared after an API change back in Android 10. Prior to the tenth release, parseMode("w") truncated the file and overwrote the data by default, and then it stopped doing so. Since Android 10, the "wt" mode was supposed to truncate the file, which Google never documented, and the "wt" mode also gave an error overwriting the file if the new file was smaller than the old one. In short, the new way did not work, and the file was no longer overwritten the old way. Now back up your data as best you can.